Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/04/30 19:10:12 UTC

cvs commit: httpd-2.0/modules/ssl mod_ssl.c

jwoolley    02/04/30 10:10:12

  Modified:    .        CHANGES
               modules/ssl mod_ssl.c
  Log:
  Revert optimization from circa 2.0.34 that caused very long vhost id's
  to be unusable with mod_ssl.
  
  PR: 8572
  
  Revision  Changes    Path
  1.749     +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.748
  retrieving revision 1.749
  diff -u -d -u -r1.748 -r1.749
  --- CHANGES	30 Apr 2002 14:20:28 -0000	1.748
  +++ CHANGES	30 Apr 2002 17:10:11 -0000	1.749
  @@ -1,5 +1,10 @@
   Changes with Apache 2.0.37
   
  +  *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
  +     as the session id context rather that a MD5 hash of that vhost ID,
  +     because it caused very long vhost id's to be unusable with mod_ssl.
  +     PR 8572.  [Cliff Woolley]
  +
     *) Fix the link to the description of the CoredumpDirectory 
        directive in the server-wide document.  PR 8643.  [Jeff Trawick]
   
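Review bot: The second line of the new entry reads "rather that a MD5 hash", which should be "rather than an MD5 hash". The entry also mixes "vhost ID" on its first line with "vhost id's" on its third; use one form, such as "vhost IDs", throughout. Since the mod_ssl.c change passes a constant length (MD5_DIGESTSIZE*2) instead of sc->vhost_id_len, it is worth saying in this entry that the hash gives the session id context a fixed length, so readers can see why long vhost IDs work again.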
  
  
  
  1.64      +6 -4      httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.63
  retrieving revision 1.64
  diff -u -d -u -r1.63 -r1.64
  --- mod_ssl.c	7 Apr 2002 03:37:35 -0000	1.63
  +++ mod_ssl.c	30 Apr 2002 17:10:12 -0000	1.64
  @@ -279,6 +279,7 @@
       SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
       SSL *ssl;
       SSLConnRec *sslconn = myConnConfig(c);
  +    char *vhost_md5;
       modssl_ctx_t *mctx;
   
       /*
  @@ -334,12 +335,13 @@
           return DECLINED; /* XXX */
       }
   
  -    if (!SSL_set_session_id_context(ssl,
  -                                    (unsigned char *)sc->vhost_id,
  -                                    sc->vhost_id_len))
  +    vhost_md5 = ap_md5_binary(c->pool, sc->vhost_id, sc->vhost_id_len);
  +
  +    if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
  +                                    MD5_DIGESTSIZE*2))
       {
           ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  -                "Unable to set session id context to `%s'", sc->vhost_id);
  +                "Unable to set session id context to `%s'", vhost_md5);
   
           c->aborted = 1;
   
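Review bot: The ssl_log call in the error branch now prints only vhost_md5, so an administrator reading the log sees a hex digest and cannot tell which virtual host failed. Log sc->vhost_id alongside the digest, for example "Unable to set session id context to `%s' (vhost `%s')" with vhost_md5 and sc->vhost_id as arguments. Separately, the line "vhost_md5 = ap_md5_binary(c->pool, sc->vhost_id, sc->vhost_id_len);" has no comment saying why the ID is hashed first. This commit reverts an optimization that removed exactly this step, so a short comment above the call, stating that the digest keeps the context at MD5_DIGESTSIZE*2 bytes regardless of vhost_id_len and pointing at PR 8572, would keep it from being optimized away a second time.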
  
  
  

Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c

Posted by Cliff Woolley <jw...@virginia.edu>.
On 30 Apr 2002 jwoolley@apache.org wrote:

> jwoolley    02/04/30 10:10:12
>
>   Modified:    .        CHANGES
>                modules/ssl mod_ssl.c
>   Log:
>   Revert optimization from circa 2.0.34 that caused very long vhost id's
>   to be unusable with mod_ssl.
>
>   PR: 8572


I'm ambivalent about whether this should go into 2.0.36.  I don't see any
harm in it -- the equivalent code was in 2.8.x for ages (and still is
today).  At the same time, it's an edge case.  I leave it to Sander's
discretion.

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA